Over a million developers have joined DZone.

Docker Registry With a Let's Encrypt Certificate

DZone's Guide to

Docker Registry With a Let's Encrypt Certificate

Save the whales! Learn how to protect your Docker files from pesky container security threats by generating an encryption certificate.

· Security Zone ·
Free Resource

Learning by doing is more effective than learning by watching - that’s why Codebashing offers a hands-on interactive training platform in 10 major programming languages. Learn more about AppSec training for enterprise developers.

A one-liner to run an SSL Docker registry generating a Let's Encrypt certificate.

This command will create a registry proxying the Docker hub, caching the images in a registry volume.

A Lets' Encrypt certificate will be auto-generated and stored in the host directory as letsencrypt.json. You could also use a Docker volume to store it.

In order for the certificate generation to work, the registry needs to be accessible from the internet in port 443. After the certificate is generated that's no longer needed.

docker run -d -p 443:5000 --name registry \
  -v `pwd`:/etc/docker/registry/ \
  -v registry:/var/lib/registry \
  -e REGISTRY_HTTP_HOST=https://docker.example.com \
  -e REGISTRY_HTTP_TLS_LETSENCRYPT_CACHEFILE=/etc/docker/registry/letsencrypt.json \
  -e REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io \

You can also create a config.yml in this directory and run the registry using the file instead of environment variables.

version: 0.1
  host: https://docker.example.com
      cachefile: /etc/docker/registry/letsencrypt.json
      email: admin@example.com
  remoteurl: https://registry-1.docker.io

Then run:

docker run -d -p 443:5000 --name registry \
  -v `pwd`:/etc/docker/registry/ \
  -v registry:/var/lib/registry \

If you want to use this as a remote repository and not just for proxying, remove the proxy entry in the configuration.

Find out how CxSAST can help you scan uncompiled and unbuilt code while identifying hundreds of security vulnerabilities in the most prevalent coding languages.

security ,docker security ,ssl certificates ,cloud security ,container security

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}